<?php

require_once (dirname(__FILE__) . "/../include/common.inc.php");
require_once DEDEINC.'/memberlogin.class.php';

// Stop here when $cfg_mb_open is 'N'; the message shown says member features are closed.
if ('N' == $cfg_mb_open) {
    ShowMsg("系统关闭了会员功能，因此你无法访问此页面！", "$cfg_basehost", 0, 8);
    exit();
}

// Login state of the current visitor; its M_ID is later compared with the owner of the order.
$cfg_ml = new MemberLogin();

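/*
 * Payment gateway "return" callback.
 *
 * Runs only when $dopost == 'return'. $_GET['code'] selects a gateway configuration file under
 * DEDEDATA/payment/. The order named by $out_trade_no is then read from #@__member_operation and
 * settled according to $payment_type and the order's product type ('mb', 'member', or a recharge).
 *
 * NOTE(review): $dopost, $out_trade_no, $payment_type, $total_fee, $dsql, $payment and the $cfg_*
 * values are not assigned in this file; presumably common.inc.php and the gateway file set them.
 * The signature check below covers $_GET only. Confirm these globals can only hold the signed
 * $_GET values (no POST or cookie source), otherwise the signature does not bind them.
 *
 * NOTE(review): $out_trade_no and several row values are interpolated into SQL text. No escaping
 * or format check is visible here; confirm it happens upstream or validate the order number format.
 */
if($dopost=='return')
{

	/* Load the gateway configuration file. The filter keeps only letters, digits and '-',
	   so the value cannot carry a path separator or a dot into the file name. */
    $code = preg_replace( "#[^0-9a-z-]#i", "", $_GET['code'] );
    require_once DEDEDATA.'/payment/'.$code.'.php';

	if($code=='alipay')
	{

		/* Verify the digital signature: MD5 over the sorted query parameters followed by the shared key. */
        ksort($_GET);
        reset($_GET);

        $sign = '';
        foreach ($_GET AS $key=>$val)
        {
            // Strict match: numeric parameter names arrive as integer keys, and a loose comparison
            // with these names could silently leave such a parameter out of the signed string.
            if (!in_array($key, array('sign', 'sign_type', 'code', 'dopost'), true))
            {
                $sign .= "$key=$val&";
            }
        }

        $sign = substr($sign, 0, -1).$payment['alipay_key'];

        // The supplied signature must be a string and is compared without type juggling:
        // a loose != can treat two different digests that both look like numbers as equal.
        // hash_equals() (where available) also keeps the comparison time independent of the input.
        $sign_expected = md5($sign);
        $sign_given = (isset($_GET['sign']) && is_string($_GET['sign'])) ? $_GET['sign'] : '';
        $sign_ok = function_exists('hash_equals')
            ? hash_equals($sign_expected, $sign_given)
            : ($sign_expected === $sign_given);
        if (!$sign_ok)
        {
			ShowMsg("支付失败!", "$cfg_basehost", 0,8);
			exit();
        }


		// NOTE(review): nothing below checks a payment-status field, and $total_fee is compared with
		// the stored amount only in the last (recharge) branch; the 'mb' and 'member' branches settle
		// the order without comparing the paid amount. Confirm that this is intended.
		$out_trade_no=str_replace("-S","",$out_trade_no);
		$row = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE buyid = '$out_trade_no'");
		// Unknown order number: stop before any UPDATE or mail is issued with empty values.
		if (empty($row))
		{
			ShowMsg("数据错误", "$cfg_basehost", 0,8);
			exit();
		}
		$money = $row['money'];
		$mid_ok = $row['mid'];
		
		
		// Remaining-balance payment (the success message below says so).
		// NOTE(review): this path runs before the check that the logged-in member owns the order,
		// so it relies entirely on the signature check above.
		if($payment_type==2){
			
			$row = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE product='mb' and buyid = '$out_trade_no'");
			$money = $row['money'];			
			// Member ('mb') side: store the amount as a negative total including the surplus, clear
			// the surplus and mark the record sta = 2, then take the surplus off the member's balance.
			// NOTE(review): the balance is read, adjusted in PHP and written back as an absolute value,
			// so concurrent callbacks for one member can overwrite each other. The recharge branch
			// below uses an in-place "money = money + ..." update instead.
			$jmoney=str_replace('-','',$money);
			$jmoney="-".($jmoney+$row['surplus']);
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 2,money = '$jmoney', surplus = 0 WHERE product='mb' and  buyid='$out_trade_no'");
			$uinfo = $dsql->GetOne("SELECT money,uname FROM #@__member WHERE mid = '".$row['mid']."'");
			$remoney=$uinfo['money']-$row['surplus'];
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$remoney' WHERE mid = '".$row['mid']."'");
			
			// Publisher ('sell') side: same record update with a positive amount, and the surplus
			// is added to the balance of the member in $row['umid'].
			$zmoney=str_replace('-','',$money);
			$zmoney="+".($zmoney+$row['surplus']);
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 2,money = '$zmoney', surplus = 0  WHERE product='sell' and  buyid='$out_trade_no'");
			$zinfo = $dsql->GetOne("SELECT money,uname FROM #@__member WHERE mid = '".$row['umid']."'");
			$zemoney=$zinfo['money']+$row['surplus'];
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$zemoney' WHERE mid = '".$row['umid']."'");
			
			// Mail notification about the customer's payment.
			// NOTE(review): $title, $zuname, $guname and $gemail go into an HTML mail body unescaped;
			// confirm they are stored in an HTML-safe form.
			$fbz = $dsql->GetOne("SELECT email,oldinfo FROM #@__member_operation WHERE product='mb' and buyid = '$out_trade_no'");// publisher's e-mail (per the original comment)
			$gmz = $dsql->GetOne("SELECT email FROM #@__member_operation WHERE product='sell' and buyid = '$out_trade_no'");// buyer's e-mail (per the original comment)
			require_once(DEDEINC.'/mail.class.php');
			$zuname=$zinfo['uname'];// publisher
			$email=$fbz['email'];
			$title=$fbz['oldinfo'];
			$gemail=$gmz['email'];
			$guname=$uinfo['uname'];// buyer
			$mail_title = "客户余款支付通知！！";
			$mail_body = "尊敬的{$zuname}，您售出的，[定制模板] {$title}模板 订单号：{$out_trade_no}  {$guname}会员已经支付余款，请及时将源代码+使用文档整理后发送至客户邮箱：{$gemail}</p>";
			$headers = $cfg_adminemail;
			$mailtype = 'HTML';
			$smtp = new smtp($cfg_smtp_server,$cfg_smtp_port,true,$cfg_smtp_usermail,$cfg_smtp_password);
			$smtp->debug = false;
			$smtp->sendmail($email,$cfg_webname ,$cfg_smtp_usermail, $mail_title, $mail_body, $mailtype);
			
			
			ShowMsg("余款支付成功", "/user/operation.php", 0,8);
			
			exit;
		}
		
		// The order must belong to the member who is currently logged in.
		else if($cfg_ml->M_ID != $mid_ok)
		{
			ShowMsg("充值失败，充值的账户和当前登录账户不一致", "$cfg_basehost", 0,8);
			exit();
		}
		// sta == 2 marks an order that was already processed.
		else if($row['sta']==2)
		{
			ShowMsg("您的订单已经处理，请不要重复提交!", "$cfg_basehost", 0,8);
			exit();
		}				
		// Template order ('mb'): prepayment moves from the member to the publisher.
		else if($row['product']=="mb")
		{
			
			// A 'sell' record already at sta = '1' means this order was submitted before.
			$yz  = $dsql->GetOne("SELECT COUNT(aid) as num FROM #@__member_operation WHERE  sta='1' AND product='sell' AND buyid='$out_trade_no'");
			$num=$yz['num'];
			if($num > 0)
			{
				ShowMsg("请不要重复提交表单!", '-1');
				exit();
			}else{
			
			require_once(DEDEINC.'/mail.class.php');
			
			$id=$row['arcid'];		
			$arcRow = GetOneArchive($id);
			$url=$cfg_basehost;
			// Mail notification about the customer's order, sent to the address on the 'mb' record.
			// NOTE(review): $uname, $mai1 and $title go into the HTML body unescaped; confirm they
			// are stored in an HTML-safe form.
			$mai2 = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE product='mb' and buyid = '$out_trade_no'");
			$uname=$mai2['mai2'];
			$memail=$mai2['email'];			
			$addtime=date("Y年m月d日h时i分",$mai2['mtime']);
	    	$mai1=$mai2['mai1'];
			$title=$arcRow['title'];
			$mail_title = "[织梦模板]客户下单通知！！";
			$mail_body = "<p>尊敬的{$uname}，您在织梦模板发布的，[模板定制]<font style=\"color:red;\"><a href=\"/coin/view.php?aid={$id}\" target=\"_blank\">{$title}</a></font>，于{$addtime}，被{$mai1}会员订购，订单号：{$out_trade_no}，会员已支付预付款{$money}元，请登录会员中心“<a href=\"/user/income.php\" target=\"_blank\">收益记录</a>”查看并核对订单信息，尽快联系买家沟通细节，并在约定的时间内完成模板制作，否则因延期导致的退款申请我们将直接退款给买家，不做任何退款提醒！</p>";
			$headers = $cfg_adminemail;
			$mailtype = 'HTML';
			$smtp = new smtp($cfg_smtp_server,$cfg_smtp_port,true,$cfg_smtp_usermail,$cfg_smtp_password);
			$smtp->debug = false;
			$smtp->sendmail($memail,$cfg_webname ,$cfg_smtp_usermail, $mail_title, $mail_body, $mailtype);			
			// Publisher side: mark the 'sell' record sta = 1 and add the amount to the balance
			// of the member in $row['umid'].
			$smoney = "+".$money;
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 1 , money='$smoney' WHERE product ='sell' and  buyid='$out_trade_no'");
			$mai2_u = $dsql->GetOne("SELECT money FROM #@__member WHERE mid = '".$row['umid']."'");
			$zmoney=$mai2_u['money']+$money;		
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$zmoney' WHERE mid = '".$row['umid']."'");
			

			// Order confirmation mail, sent to the address on the 'sell' record.
			$mai1 = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE product='sell' and buyid = '$out_trade_no'");
			$time=date("Y年m月d日H时",$mai1['mtime']);
			$muname=$mai1['mai1'];
			$m2email=$mai1['email'];
			$mail_title = "[织梦模板]您的订单提交成功！！";
			$mail_body = "<table style=\"border-collapse: collapse;background-color: #ebedf0;font-family:'Alright Sans LP', 'Avenir Next', 'Helvetica Neue', Helvetica, Arial, 'PingFang SC', 'Source Han Sans SC', 'Hiragino Sans GB', 'Microsoft YaHei', 'WenQuanYi MicroHei', sans-serif;\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\">
  <tbody><tr>
    <td>
      <table width=\"640\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\">
        <tbody><tr>
          <td style=\"height:20px;\"></td>
        </tr>
        
        <tr>
          <td height=\"10\"></td>
        </tr>
        <tr>
          <td>
            <table width=\"640\" cellspacing=\"0\" cellpadding=\"0\">
              <tbody><tr style=\"line-height: 40px;\">
                <td style=\"padding-left: 290px;\" width=\"80\">
                  <a href=\"{$url}\" target=\"_blank\" style=\"color: #000;font-size: 26px;text-decoration: none;\">
                     {$cfg_webname}
                  </a>
                </td>
              </tr>
            </tbody></table>
          </td>
        </tr>
        <tr>
          <td height=\"40\"></td>
        </tr>
        <tr>
          <td style=\"background-color: #fff;border-radius:6px;padding:40px 40px 0;\">
            <table>
              <tbody><tr height=\"40\">
                <td style=\"padding-left:25px;padding-right:25px;font-size:18px;font-family:'微软雅黑','黑体',arial;\">
                  尊敬的{$muname}：
                </td>
              </tr>
              <tr height=\"15\">
                <td></td>
              </tr>
              <tr height=\"30\">
                <td style=\"padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;line-height:20px;\">
                  您于 {$time}在织梦模板定制了,<a href=\"/coin/view.php?aid={$id}\" target=\"_blank\">{$title}</a><br>订单号:<font style=\"color:#1e5494;\">{$out_trade_no}</font>
                </td>
              </tr>
              <tr height=\"40\">
                <td style=\"padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;\">
                  我们将在约定时间内完成模板制作，并发送到您下单时留下的邮箱，请您注意查收文件！感谢您对我们的支持。
                </td>
              </tr>
              <tr height=\"20\">
                <td></td>
              </tr>
              <tr>
                <td style=\"padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;\">
                 <div style=\"font-size:12px; color:#999; font-family:'Microsoft YaHei'\">
                  注：此为系统邮件，请勿回复。
                </div>
                </td>
              </tr>
              <tr height=\"40\">
                <td></td>
              </tr>
            </tbody></table>
          </td>
        </tr>
        <tr>
          <td style=\"height:40px;\"></td>
        </tr>
        <tr>
          <td style=\"height:50px;\"></td>
        </tr>
      </tbody></table>
    </td>
  </tr>
</tbody></table>";
			$headers = $cfg_adminemail;
			$mailtype = 'HTML';
			$smtp = new smtp($cfg_smtp_server,$cfg_smtp_port,true,$cfg_smtp_usermail,$cfg_smtp_password);
			$smtp->debug = false;
			$smtp->sendmail($m2email,$cfg_webname ,$cfg_smtp_usermail, $mail_title, $mail_body, $mailtype);
			// Member side: mark the 'mb' record sta = 1 with a negative amount and take the
			// amount off the balance of the member in $row['mid'].
			$money=str_replace('+','',$money);
			$cmoney="-".$money;	
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 1 , money='$cmoney',payment='支付宝' WHERE product ='mb' and  buyid='$out_trade_no'");
			$mai1_u = $dsql->GetOne("SELECT money FROM #@__member WHERE mid = '".$row['mid']."'");
			$smoney=$mai1_u['money']-$money;
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$smoney' WHERE mid = '$row[mid]'");
			ShowMsg("购买成功，请随时查看邮箱！感谢您对我们的支持！!", "$cfg_memberurl", 0,5000);
			exit();
			}
		// Membership purchase: apply the rank and duration of the member type in $row['pid'].
		}else if($row['product']=="member"){
			
			$time=time();
			$aid=$row['pid'];
			$mtype = $dsql->GetOne("SELECT * FROM #@__member_type WHERE aid = '$aid'");
			$rank=$mtype['rank'];
			$exptime=$mtype['exptime'];
			$pname=$mtype['pname'];
			
			$money= $mtype['money'];
			// exptime is multiplied by the number of seconds in a day to get the end timestamp.
			$endtime=$time+$exptime*3600*24;
			
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET rank='$rank',uptime='$time',exptime='$exptime' WHERE mid = '$row[mid]'");
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 2,money='$money',sjmoney='".$mtype['money']."',endtime='".$endtime."',payment='支付宝' WHERE buyid='$out_trade_no'");
			ShowMsg("成功购买了".$pname."，账户升级！", "$cfg_memberurl",0,5000);
			exit();
		}
		
		// Recharge: taken only when the paid amount equals the amount stored on the order.
		else if($total_fee==$money)
		{    
	
			// A matching #@__moneycard_type row supplies the number of coins to credit;
			// without one the order amount itself is credited.
			$row = $dsql->GetOne("SELECT * FROM #@__moneycard_type WHERE  money = '$money'");
			if(!empty($row)){
				$money_ok = $row['num'];
				$money    = $row['money'];
			}else{
				$money_ok = $money;
			}
			$info="充值获得".$money_ok."金币";
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 2,payment='支付宝', money = '+".$money_ok."',sjmoney='".$money."',oldinfo='".$info."' WHERE buyid='$out_trade_no'");
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = money + '$money_ok' WHERE `mid`='$mid_ok'");
			ShowMsg("充值获得".$money_ok."金币！", "$cfg_memberurl",0,5000);
			exit();
		}
	}else{
		// Any gateway code other than 'alipay' lands here.
		// NOTE(review): no signature or other authenticity check is visible on this path, yet it
		// performs the same order and balance updates as the verified branch above. Unless the
		// included gateway file verifies the request itself, this path should verify the request
		// before touching the order, or reject gateways it does not know.
		$row = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE  buyid = '$out_trade_no'");
		// Unknown order number: stop before any UPDATE or mail is issued with empty values.
		if (empty($row))
		{
			ShowMsg("数据错误", "$cfg_basehost", 0,8);
			exit();
		}
		$money = $row['money'];
		$mid_ok = $row['mid'];
		
		// Remaining-balance payment (the success message below says so).
		// NOTE(review): this path runs before the check that the logged-in member owns the order,
		// and nothing on this branch authenticates the request first.
		if($payment_type==2){
			
			$row = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE product='mb' and buyid = '$out_trade_no'");
			$money = $row['money'];
			// Member ('mb') side: store the amount as a negative total including the surplus, clear
			// the surplus and mark the record sta = 2, then take the surplus off the member's balance.
			// NOTE(review): the balance is read, adjusted in PHP and written back as an absolute value,
			// so concurrent callbacks for one member can overwrite each other.
			$jmoney=str_replace('-','',$money);
			$jmoney="-".($jmoney+$row['surplus']);
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 2,money = '$jmoney', surplus = 0 WHERE product='mb' and  buyid='$out_trade_no'");
			$uinfo = $dsql->GetOne("SELECT money,uname FROM #@__member WHERE mid = '".$row['mid']."'");
			$remoney=$uinfo['money']-$row['surplus'];
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$remoney' WHERE mid = '".$row['mid']."'");
			
			// Publisher ('sell') side: same record update with a positive amount, and the surplus
			// is added to the balance of the member in $row['umid'].
			$zmoney=str_replace('-','',$money);
			$zmoney="+".($zmoney+$row['surplus']);
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 2,money = '$zmoney', surplus = 0  WHERE product='sell' and  buyid='$out_trade_no'");
			$zinfo = $dsql->GetOne("SELECT money,uname FROM #@__member WHERE mid = '".$row['umid']."'");
			$zemoney=$zinfo['money']+$row['surplus'];
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$zemoney' WHERE mid = '".$row['umid']."'");
			
			// Mail notification about the customer's payment.
			// NOTE(review): $title, $zuname, $guname and $gemail go into an HTML mail body unescaped;
			// confirm they are stored in an HTML-safe form.
			$fbz = $dsql->GetOne("SELECT email,oldinfo FROM #@__member_operation WHERE product='mb' and buyid = '$out_trade_no'");// publisher's e-mail (per the original comment)
			$gmz = $dsql->GetOne("SELECT email FROM #@__member_operation WHERE product='sell' and buyid = '$out_trade_no'");// buyer's e-mail (per the original comment)
			require_once(DEDEINC.'/mail.class.php');
			$zuname=$zinfo['uname'];// publisher
			$email=$fbz['email'];
			$title=$fbz['oldinfo'];
			$gemail=$gmz['email'];
			$guname=$uinfo['uname'];// buyer
			$mail_title = "客户余款支付通知！！";
			$mail_body = "尊敬的{$zuname}，您售出的，[定制模板] {$title}模板 订单号：{$out_trade_no}  {$guname}会员已经支付余款，请及时将源代码+使用文档整理后发送至客户邮箱：{$gemail}</p>";
			$headers = $cfg_adminemail;
			$mailtype = 'HTML';
			$smtp = new smtp($cfg_smtp_server,$cfg_smtp_port,true,$cfg_smtp_usermail,$cfg_smtp_password);
			$smtp->debug = false;
			$smtp->sendmail($email,$cfg_webname ,$cfg_smtp_usermail, $mail_title, $mail_body, $mailtype);
			
			
			ShowMsg("余款支付成功", "/user/operation.php", 0,8);
			
			exit;
		}
		
			
		// The order must belong to the member who is currently logged in.
		if($cfg_ml->M_ID != $mid_ok)
		{
			ShowMsg("充值失败，充值的账户和当前登录账户不一致", "$cfg_basehost", 0,8);
			exit();
		}
		// sta == 2 marks an order that was already processed.
		else if($row['sta']==2)
		{
			ShowMsg("您的订单已经处理，请不要重复提交!", "$cfg_basehost", 0,8);
			exit();
		}
		// Template order ('mb'): prepayment moves from the member to the publisher.
		else if($row['product']=="mb")
		{
			
			// A 'sell' record already at sta = '1' means this order was submitted before.
			$yz  = $dsql->GetOne("SELECT COUNT(aid) as num FROM #@__member_operation WHERE  sta='1' AND product='sell' AND buyid='$out_trade_no'");

			$num=$yz['num'];
			
			if($num > 0)
			{
				ShowMsg("请不要重复提交表单!", '-1');
				exit();
			}else{
			
			require_once(DEDEINC.'/mail.class.php');
			
			$id=$row['arcid'];		
			$arcRow = GetOneArchive($id);
			$url=$cfg_basehost;
			// Mail notification about the customer's order, sent to the address on the 'mb' record.
			// NOTE(review): $uname, $mai1 and $title go into the HTML body unescaped; confirm they
			// are stored in an HTML-safe form.
			$arcurl="/coin/view.php?aid=".$id;
			$income="/user/income.php";
			$mai2 = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE product='mb' and buyid = '$out_trade_no'");
			$uname=$mai2['mai2'];
			$memail=$mai2['email'];			
			$addtime=date("Y年m月d日h时i分",$mai2['mtime']);
	    	$mai1=$mai2['mai1'];
			$title=$arcRow['title'];
			$mail_title = "客户下单通知！！";
			$mail_body = "<p>尊敬的{$uname}，您在织梦模板发布的，[模板定制]<font style=\"color:red;\"><a href=\"{$arcurl}\" target=\"_blank\">{$title}</a></font>，于{$addtime}，被{$mai1}会员订购，订单号：{$out_trade_no}，会员已支付预付款{$money}元，请登录会员中心“<a href=\"{$income}\" target=\"_blank\">收益记录</a>”查看并核对订单信息，尽快联系买家沟通细节，并在约定的时间内完成模板制作，否则因延期导致的退款申请我们将直接退款给买家，不做任何退款提醒！</p>";
			$headers = $cfg_adminemail;
			$mailtype = 'HTML';
			$smtp = new smtp($cfg_smtp_server,$cfg_smtp_port,true,$cfg_smtp_usermail,$cfg_smtp_password);
			$smtp->debug = false;
			$smtp->sendmail($memail,$cfg_webname ,$cfg_smtp_usermail, $mail_title, $mail_body, $mailtype);			
			// Publisher side: mark the 'sell' record sta = 1 and add the amount to the balance
			// of the member in $row['umid'].
			$smoney = "+".$money;
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 1 , money='$smoney' WHERE product ='sell' and  buyid='$out_trade_no'");
			$mai2_u = $dsql->GetOne("SELECT money FROM #@__member WHERE mid = '".$row['umid']."'");
			$zmoney=$mai2_u['money']+$money;		
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$zmoney' WHERE mid = '".$row['umid']."'");
			

			// Order confirmation mail, sent to the address on the 'sell' record.
			$mai1 = $dsql->GetOne("SELECT * FROM #@__member_operation WHERE product='sell' and buyid = '$out_trade_no'");
			$time=date("Y年m月d日H时",$mai1['mtime']);
			$muname=$mai1['mai1'];
			$m2email=$mai1['email'];
			$mail_title = "[织梦模板]您的订单提交成功！";
			$mail_body = "<table style=\"border-collapse: collapse;background-color: #ebedf0;font-family:'Alright Sans LP', 'Avenir Next', 'Helvetica Neue', Helvetica, Arial, 'PingFang SC', 'Source Han Sans SC', 'Hiragino Sans GB', 'Microsoft YaHei', 'WenQuanYi MicroHei', sans-serif;\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\">
  <tbody><tr>
    <td>
      <table width=\"640\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\">
        <tbody><tr>
          <td style=\"height:20px;\"></td>
        </tr>
        
        <tr>
          <td height=\"10\"></td>
        </tr>
        <tr>
          <td>
            <table width=\"640\" cellspacing=\"0\" cellpadding=\"0\">
              <tbody><tr style=\"line-height: 40px;\">
                <td style=\"padding-left: 290px;\" width=\"80\">
                  <a href=\"{$url}\" target=\"_blank\" style=\"color: #000;font-size: 26px;text-decoration: none;\">
                     {$cfg_webname}
                  </a>
                </td>
              </tr>
            </tbody></table>
          </td>
        </tr>
        <tr>
          <td height=\"40\"></td>
        </tr>
        <tr>
          <td style=\"background-color: #fff;border-radius:6px;padding:40px 40px 0;\">
            <table>
              <tbody><tr height=\"40\">
                <td style=\"padding-left:25px;padding-right:25px;font-size:18px;font-family:'微软雅黑','黑体',arial;\">
                  尊敬的{$muname}：
                </td>
              </tr>
              <tr height=\"15\">
                <td></td>
              </tr>
              <tr height=\"30\">
                <td style=\"padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;line-height:20px;\">
                  您于 {$time}在织梦模板定制了,<a href=\"/coin/view.php?aid={$id}\" target=\"_blank\">{$title}</a><br>订单号:<font style=\"color:#1e5494;\">{$out_trade_no}</font>
                </td>
              </tr>
              <tr height=\"40\">
                <td style=\"padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;\">
                  我们将在约定时间内完成模板制作，并发送到您下单时留下的邮箱，请您注意查收文件！感谢您对我们的支持。
                </td>
              </tr>
              <tr height=\"20\">
                <td></td>
              </tr>
              <tr>
                <td style=\"padding-left:55px;padding-right:55px;font-family:'微软雅黑','黑体',arial;font-size:14px;\">
                 <div style=\"font-size:12px; color:#999; font-family:'Microsoft YaHei'\">
                  注：此为系统邮件，请勿回复。
                </div>
                </td>
              </tr>
              <tr height=\"40\">
                <td></td>
              </tr>
            </tbody></table>
          </td>
        </tr>
        <tr>
          <td style=\"height:40px;\"></td>
        </tr>
        <tr>
          <td style=\"height:50px;\"></td>
        </tr>
      </tbody></table>
    </td>
  </tr>
</tbody></table>";
			$headers = $cfg_adminemail;
			$mailtype = 'HTML';
			$smtp = new smtp($cfg_smtp_server,$cfg_smtp_port,true,$cfg_smtp_usermail,$cfg_smtp_password);
			$smtp->debug = false;
			$smtp->sendmail($m2email,$cfg_webname ,$cfg_smtp_usermail, $mail_title, $mail_body, $mailtype);
			// Member side: mark the 'mb' record sta = 1 with a negative amount and take the
			// amount off the balance of the member in $row['mid'].
			$money=str_replace('+','',$money);
			$cmoney="-".$money;	
			$dsql->ExecuteNoneQuery("UPDATE `#@__member_operation` SET sta = 1 , money='$cmoney' WHERE product ='mb' and  buyid='$out_trade_no'");
			$mai1_u = $dsql->GetOne("SELECT money FROM #@__member WHERE mid = '".$row['mid']."'");
			$smoney=$mai1_u['money']-$money;
			$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET money = '$smoney' WHERE mid = '$row[mid]'");
			ShowMsg("购买成功，请随时查看邮箱！感谢您对我们的支持！!", "$cfg_memberurl", 0,5000);
			exit();
			}
		}
		
	}
}
else
{
	// Any request that is not a gateway return is rejected.
	ShowMsg("数据错误", "$cfg_basehost", 0,8);
}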

?>